@@ -407,33 +407,42 @@ def assure_permissions_and_group(self, directory):
407407 raise ValueError (
408408 f'{ inspect .currentframe ().f_code .co_name } { directory } )
409409
410- # Get the group ID of the directory
410+ # Get current permissions and group
411411 dir_stat = os .stat (directory )
412+ current_mode = dir_stat .st_mode
412413 dir_gid = dir_stat .st_gid
413-
414- # Change the permissions of the directory to 0o2775
415- os .chmod (directory , 0o2775 )
414+
415+ # Calculate desired mode (preserve existing bits except setgid + rwx for group)
416+ desired_mode = 0o2775 # drwxrwsr-x
417+
418+ # Only modify if needed
419+ if (current_mode & 0o7777 ) != desired_mode :
420+ os .chmod (directory , desired_mode )
416421
417422 # Iterate over all files and directories in the directory and its subdirectories
418423 for root , dirs , files in os .walk (directory , topdown = True ):
419424 for dir in dirs :
420425 dir_path = os .path .join (root , dir )
421- # Change the permissions of the subdirectory to 0o2775
422- os .chmod (dir_path , 0o2775 )
426+ dir_current_mode = os .stat (dir_path ).st_mode
427+ if (dir_current_mode & 0o7777 ) != desired_mode :
428+ os .chmod (dir_path , desired_mode )
423429
424430 for file in files :
425431 path = os .path .join (root , file )
432+ file_current_mode = os .stat (path ).st_mode
426433
427434 # Get the file extension
428435 _ , extension = os .path .splitext (path )
429436
430437 # If the file is a .pem file
431438 if extension == '.pem' :
432- # Change the permissions to 400
433- os .chmod (path , 0o400 )
439+ # Only change permissions if needed
440+ if (file_current_mode & 0o777 ) != 0o400 :
441+ os .chmod (path , 0o400 )
434442 else :
435- # Change the permissions to 664
436- os .chmod (path , 0o664 )
443+ # Only change permissions if needed
444+ if (file_current_mode & 0o777 ) != 0o664 :
445+ os .chmod (path , 0o664 )
437446
438447 # Change the group ID to the same as the directory
439448 os .chown (path , - 1 , dir_gid )
0 commit comments